Michael Tsfoni

Results 149 comments of Michael Tsfoni

Looks like it's implemented in the CLI directly and not in the library: https://github.com/CycloneDX/cyclonedx-cli/blob/main/src/cyclonedx/Commands/Sign/SignBomCommand.cs There is no particular reason it's not possible in this tool. I think it could be...

> More broadly speaking, what is the plan in terms of all the other features in the CLI tool in relation to cyclonedx-dotnet?
>
> Can we expect merge/add/etc. to...

> Whenever such mutations are needed (which I suspect may become more the norm than an exception), people will need to set up custom steps in their CI/CD pipelines to...

Hey @Lachstec, I don’t have deep knowledge about signing. Professionally, I’ve only used SBOMs internally. It’s fair to assume the CLI might be a bit outdated. The CycloneDX format should...

> Is it a false positive?

Most likely. This is maintained by members of the cyclonedx organisation. I did the last few releases and the one in question. I...

Version 9.0.2 of the library exposes an option for that. It's called something like 'unsafeRelaxedJsonEscaping'. In 'cyclonedx-dotnet' I made it a separate output option (there is now 'json' and 'unsafeJson')....

Hi, yes, the CycloneDX CLI uses the [cyclonedx-dotnet-library](https://github.com/CycloneDX/cyclonedx-dotnet-library/) under the hood. Great to hear you found a workaround. I will leave the issue open in case anybody wants to implement...

Thank you for reporting, great level of detail. Bug should be fixed any moment. I noticed this in your output: `Removed transitive dependency Microsoft.Extensions.Dependencyinjection.Abstractions from FluentValidation.DependencyInjectionExtensions`, which is something I...

A workaround could also be to disable recursive. If not needed, I recommend not using it, as it can also cause inaccurate scan results. The problem is likely here:...